MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a
SHA3-384 hash:	cfa224f752bb0ea62ca1ed63432d8cd5a3d6c215aa5cc427b751fdd131a84ee0b1aacd876cc575baed8068e594c2bcd8
SHA1 hash:	d06d6f015e979977c2537658bdb1cdacb37ef299
MD5 hash:	fb4327f5244cb842edfa4ef23636e09c
humanhash:	mockingbird-fix-saturn-venus
File name:	180-28975277.xlsx
Download:	download sample
File size:	15'670 bytes
First seen:	2025-09-08 15:26:50 UTC
Last seen:	2025-09-25 09:46:17 UTC
File type:	xlsx
MIME type:	application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep	384:YgZtfl7VybO3/AKjY2x/KhYBcXv+pGNpY:Ywtfl7VQw35w7f+pGNpY
TLSH	T119629E2B77029DEDC173643E926801E45A04208A62D3E4CD6CE4E26E1FA76D787CF198
TrID	61.2% (.XLSX) Excel Microsoft Office Open XML Format document (34000/1/7) 31.5% (.ZIP) Open Packaging Conventions container (17500/1/4) 7.2% (.ZIP) ZIP compressed archive (4000/1)
Magika	xlsx
Reporter	cocaman
Tags:	xlsx

cocaman

Malicious email (T1566.001)
From: ""Ngu Liew" <esme@eddiexie.com>" (likely spoofed)
Received: "from spite.eddiexie.com (spite.eddiexie.com [94.156.175.114]) "
Date: "24 Sep 2025 18:40:54 -0700"
Subject: "New 140POGL-MT inquiry ( 25-09-2025 )"
Attachment: "42897527-1807.xlsx"

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

180-28975277.xlsx

Verdict:

No threats detected

Analysis date:

2025-09-08 15:30:27 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/533f6766-de73-41b8-adce-41f135e70d45

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/26314/

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68bef5f0b20052598878fd83

Tags:

n/a

Result

Verdict:

Clean

File Type:

OOXML Excel File

Link:

https://app.docguard.net/b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a/results/dashboard

Verdict:

Unknown

Threat level:

10/10

Confidence:

100%

Tags:

language-zh-CN

Link:

https://www.filescan.io/uploads/68bef6361b52c70384b78045/reports/d72cbe15-6d5b-47dd-92ca-d8937003567e/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a

Label:

Benign

Suspicious Score:

4/10

Score Malicious:

Score Benign:

95%

Link:

https://www.malware.ai/gui/files/?id=9f824928-a3af-4431-b4a6-4bccca91fc93

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a

Details

Excel Macro Manipulates Hidden Sheets

Detected macro logic designed to hide a sheet within the current, or another spreadsheet. This technique is not necessarily indicative of malicious behavior as hidden sheets have legitimate uses.

Verdict:

Unknown

File Type:

xlsx

Link:

https://opentip.kaspersky.com/b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a/results?tab=lookup

Result

Threat name:

n/a

Detection:

clean

Classification:

n/a

Score:

4 / 100

Link:

https://www.joesandbox.com/analysis/1773284

Behaviour

Behavior Graph:

n/a

Score:

Verdict:

Benign

File Type:

OFFICE

Link:

https://malprob.io/report/b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Office Document

Link:

https://app.malva.re/file/fb4327f5244cb842edfa4ef23636e09c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a/

Threat name:

Document.Trojan.Heuristic

Status:

Malicious

First seen:

2025-09-08 15:26:52 UTC

File Type:

Document

Extracted files:

AV detection:

3 of 38 (7.89%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=w6ity657yjgma2vzisaycmnyk3ea32f7mkxdhlod7csrk3zwemna._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/250908-sv64vser3w/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/ff38c7a7-1a73-4a14-94fc-4e350fcd03e4

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

RemcosRAT

zip 15e1f4af0375906c314e3d460a185d55800a5e324917302d4db56225d5273075

xlsx b7913c7bbfc24cc06ab944818131b856c80de8bf62ae33adc3f8a5156f36231a

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/26314/

Dropped by

SHA256 15e1f4af0375906c314e3d460a185d55800a5e324917302d4db56225d5273075

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample